[c-nsp] strange access list behavior
Amol Sapkal
amolsapkal at gmail.com
Thu May 25 08:45:34 EDT 2006
Vikas,
Can you post an output that shows the hitcount?
-Amol
On 5/25/06, Vikas Sharma <vikassharmas at gmail.com> wrote:
>
> Hi,
>
> I am trying to implement VLAN access map for ports 135-139 and 445. It is
> working fine for all ports except port 137. Though I have blocked it, still I
> am getting packets on port 137.
> Please find the sh access-list output below:
>
> sh ip acc
> Switch#sh ip acce
> Switch#sh ip access-lists
> Extended IP access list 175
> 10 deny tcp any any eq 135
> 20 deny udp any any eq 135
> 30 deny tcp any any eq 136
> 40 deny udp any any eq 136
> 50 deny tcp any any eq 137
> 60 deny udp any any eq netbios-ns
> 70 deny tcp any any eq 138
> 80 deny udp any any eq netbios-dgm
> 90 deny tcp any any eq 139
> 100 deny udp any any eq netbios-ss
> 110 deny tcp any any eq 1434
> 120 deny tcp any any eq 445
> 130 deny tcp any any eq 593
> 140 deny tcp any any eq 4444
> 150 deny tcp any any eq 9996
> 160 deny tcp any any eq 5554
> 170 deny udp any any eq 1434
> 180 deny udp any any eq 445
> 190 deny udp any any eq 593
> 200 deny udp any any eq 4444
> 210 deny udp any any eq 9996
> 220 deny udp any any eq tftp
> 230 deny udp any any eq 995
> 240 deny udp any any eq 996
> 250 deny udp any any eq 997
> 260 deny udp any any eq 998
> 270 deny udp any any eq 999
> 280 deny udp any any eq 8998
> 290 permit ip any any
> Switch#
>
>
> Regards
> Vikas
--
Warm regards,
Amol Sapkal
-------------------------------------------------------------------
"When I'm not in my right mind, my left mind
gets pretty crowded"
-------------------------------------------------------------------
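
Added example (not part of the original thread): a Python sketch that parses `show ip access-lists` output like the one quoted above, including the per-entry match counters requested in the reply, and evaluates a packet against it first-match. The sample text is a constructed subset of ACL 175 with hypothetical counters; `parse_acl` and `first_match` are illustrative names, and only the `any any [eq port]` entry form used in the post is handled.

```python
import re

# Cisco IOS port keywords used in the posted ACL (well-known port numbers).
NAMED_PORTS = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139, "tftp": 69}

# Constructed sample: a subset of ACL 175 from the post, with hypothetical
# "(N matches)" counters as IOS prints them once an entry has been hit.
SAMPLE = """\
Extended IP access list 175
    50 deny tcp any any eq 137
    60 deny udp any any eq netbios-ns (12 matches)
    80 deny udp any any eq netbios-dgm
    120 deny tcp any any eq 445
    290 permit ip any any (3401 matches)
"""

ENTRY = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\w+)\s+any\s+any"
    r"(?:\s+eq\s+(?P<port>\S+))?(?:\s+\((?P<hits>\d+) match(?:es)?\))?\s*$"
)

def parse_acl(text):
    """Return the 'any any [eq port]' entries in order, with hit counts."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header line, or an entry form this sketch does not handle
        port = m["port"]
        if port is not None:
            port = NAMED_PORTS[port] if port in NAMED_PORTS else int(port)
        entries.append({"seq": int(m["seq"]), "action": m["action"],
                        "proto": m["proto"], "dport": port,
                        "hits": int(m["hits"] or 0)})
    return entries

def first_match(entries, proto, sport, dport):
    """First-match evaluation. 'eq' placed after the destination tests only
    the destination port, so sport is deliberately never consulted here."""
    for e in entries:
        if e["proto"] not in ("ip", proto):
            continue
        if e["dport"] is None or e["dport"] == dport:
            return e["seq"], e["action"]
    return None, "deny"  # implicit deny at the end of every ACL
```

Comparing the counters on the deny entry for a port with the counter on the final `permit ip any any` entry shows which line the traffic in question is actually hitting.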